Patent classifications
G06F21/45
ISSUING VERIFIABLE PAIRWISE CLAIMS
Generating a verifiable pairwise claim. Receiving a request for issuing a verifiable claim that is associated with a subject entity and is verifiable by one or more verifying entities. The request includes at least an encrypted portion using a particular type of cryptography. Verifying that the subject entity is associated with a subject of the verifiable claim based on decrypting the encrypted portion using the particular type of cryptography. In response to verifying that the subject entity is associated with the subject of the verifiable claim, issuing the verifiable claim that is structured to be verifiable only by the one or more verifying entities.
IMAGE PROCESSING SYSTEM USING AUTHENTICATION INFORMATION ACQUIRED THROUGH TWO-FACTOR AUTHENTICATION, METHOD FOR CONTROLLING IMAGE PROCESSING SYSTEM, AND STORAGE MEDIUM
To control an image forming apparatus using a service on a network, an information terminal performs two-factor authentication and acquires authentication information through the two-factor authentication so that the image forming apparatus accesses the service.
Credential safety management for software containers
An example computer-implemented method of providing security for a software container includes discovering credentials that a software container is expected to use at runtime. The discovering is performed prior to instantiation of the software container from a container image, and is based on one or more of credentials stored in the container image, credentials stored in runtime configuration data for the software container, and credentials from a secrets management service. An unsafe credential set is determined that includes one or more of the discovered credentials that do not meet predefined credential safety criteria. A runtime request is intercepted from the software container. A credential violation is detected based on the intercepted runtime request attempting to use a credential from the unsafe discovered credential set. A corrective action is performed for the software container based on the detected credential violation.
Method and apparatus for accessing authentication credentials within a credential vault
A method at a computing device, the method including detecting, at the computing device, a trigger that authentication is pending for an application or service; indicating a state of a credential vault via a user interface of the computing device; and when the credential vault is in a locked state, activating an authentication mechanism for the credential vault without changing focus on the user interface for the application or service.
System and method for detecting the user using a single one-time password
An improved One Time Password (iOTP) is used in a two-factor authentication mechanism to decode a username, and the inherent security of the iOTP eliminates the need for a password. When the user is identified by the iOTP, a second challenge is sent. The second challenge may be confirmed by user biometrics or via a PIN code if the user's device does not support biometrics. Benefits of the subject invention include: (1) no username, which eliminates exposure to multiple domain attacks (i.e., attacks on other sites with the same username) that attempt to extract passwords from less secure sites (e.g., where a user used the same username and password across multiple sites); and (2) password-less access—the iOTP replaces both the username and password function, thereby eliminating the need for the user to manage multiple usernames and passwords.
A METHOD FOR SECURELY DIVERSIFYING A GENERIC APPLICATION STORED IN A SECURE PROCESSOR OF A TERMINAL
Provided is a method for securely diversifying a generic application stored in a secure processor of a terminal, said method comprising: generating, at the request of a manager application hosted in an application processor of said terminal, at the level of a distant server, a server challenge; sending said server challenge to said application; generating a first message at said application, said first message being a function of said server challenge, an application challenge and a unique identifier of said application; sending said first message to a Root-of-Trust service hosted in a secure processor of said terminal, said Root-of-Trust service generating an attestation of said first message, said attestation guaranteeing that said first message has not been modified and originates from said secure processor; and transmitting said attestation of said first message to said distant server in an enablement request message.
SMART FORMS FOR AUTOMATED CONFIGURATION OF SOLUTIONS
A smart forms solution that enables transactions institutions to provide configuration parameters in a streamlined manner so that developers can construct end-to-end solutions in an automated manner includes performing, by a processor, operations including: receiving data from a form in a webpage; validating the received data; saving the validated data; determining a location to send the saved data; sending the saved data to the determined location; invoking an API at the determined location with the saved data; and using the saved data to perform a manual operation.